AiFi Sandbox Environments

Overview

AiFi provides two sandbox environments for developers to test their integrations with the AiFi platform: Public Sandbox and Private Sandbox.

Public Sandbox is a shared environment intended for lightweight testing of API integrations. It’s accessible to all developers and resets frequently.
Private Sandbox is a dedicated instance created in coordination with your AiFi Account or Product Manager. It offers full feature parity with production and is isolated from other teams.

All environments support the same APIs and authentication flows. The only differences are the target URL and the token used.

Environment Access

Environment	Description	URL	Access
Public Sandbox	Shared, resets every 48 hours, limited services	`https://oasis-api.public.sandbox.oasis.aifi.com`	Token issued by AiFi upon request
Private Sandbox	Dedicated per retailer, persistent data, full features	Varies by setup	Coordinate with Product/Account Manager

Access tokens for each environment are required. These are scoped per retailer and typically expire after 90 days.

Contact AiFi to request or refresh a token.

Known Limitations

Data persistence: The Public Sandbox environment resets automatically every 48 hours. Any data created in this environment is temporary and should not be relied upon for long-term storage or testing.
Webhook support: Webhook functionality isn't available in the Public Sandbox. Webhooks must be configured per retailer in a private or production environment.
Store services: Certain features depend on store-specific services. These features may not behave as expected in the Public Sandbox if those services aren't available or simulated.

danger

Don't test with real personally identifiable information (PII) or production data. All data in the Public Sandbox is visible to other developers and may be cleared without notice. Use only dummy data and placeholders.

Authentication

All scripts in this guide require a bearer token in the Authorization header. This token should be scoped to the environment (Public or Private) you are working with.

Never use real credentials or customer data. Avoid using real passwords, emails, or other PII. All data is subject to deletion or exposure in shared environments.

Testing Scenarios

The following scripts simulate an end-to-end customer journey through the AiFi system. These scripts work in both Public and Private Sandbox environments unless noted.

Scenario 1: Product Sync

Add a Test Product

# test-product.sh
TOKEN=<your-token>
BODY=$(cat <<EOM
{
  "name": "coca-cola-test-2",
  "quantity": 1,
  "price": 1,
  "thumbnail": "https://example.com/some-image.jpg",
  "weight": 1000,
  "barcode": "0011223344001"
}
EOM
)
curl -X POST \
  -H "Content-type: application/json" \
  -H "Authorization: Bearer $TOKEN" \
  -d "$BODY" \
  https://oasis-api.public.sandbox.oasis.aifi.com/api/admin/v2/products

Optional: Fetch Product by Barcode

# test-get-product.sh
BARCODE=${1:-0011223344001}
TOKEN=<your-token>
curl -X GET \
  -H "Content-type: application/json" \
  -H "Authorization: Bearer $TOKEN" \
  "https://oasis-api.public.sandbox.oasis.aifi.com/api/admin/v2/products?barcode=$BARCODE"

Optional: Delete Product

# test-delete-product.sh
PRODUCT_ID=<product-id>
TOKEN=<your-token>
curl -X DELETE \
  -H "Content-type: application/json" \
  -H "Authorization: Bearer $TOKEN" \
  "https://oasis-api.public.sandbox.oasis.aifi.com/api/admin/v2/products/$PRODUCT_ID"

Scenario 2: Simulate Check-In and Checkout Flow

Create a Customer

# test-customer.sh
EMAIL=${1:-test@test.test}
TOKEN=<your-token>
BODY=$(cat <<EOM
{
  "email": "$EMAIL",
  "password": "123456789"  # Password is deprecated; no effect
}
EOM
)
curl -X POST \
  -H "Content-type: application/json" \
  -H "Authorization: Bearer $TOKEN" \
  -d "$BODY" \
  https://oasis-api.public.sandbox.oasis.aifi.com/api/admin/v2/customers

Set an Entry Code for the Customer

# test-set-entry-code.sh
CODE=${1:-code123456789}
CUS_ID=${2:-1}
SESSION_ID=${3:-$CODE}
TOKEN=<your-token>
BODY=$(cat <<EOM
{
  "code": "$CODE",
  "sessionId": "$SESSION_ID"
}
EOM
)
curl -X POST \
  -H "Content-type: application/json" \
  -H "Authorization: Bearer $TOKEN" \
  -d "$BODY" \
  https://oasis-api.public.sandbox.oasis.aifi.com/api/admin/v2/customers/$CUS_ID/entry-codes

Simulate Check-In (AiFi Scanner)

# test-validate-code.sh
CODE=${1:-code123456789}
TOKEN=<your-token>
BODY=$(cat <<EOM
{
  "verificationCode": "$CODE"
}
EOM
)
curl -X POST \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer $TOKEN" \
  -H 'X-AIFI-LocationId: 1' \
  -H 'X-AIFI-Store: publicsandbox-us' \
  -d "$BODY" \
  https://oasis-api.public.sandbox.oasis.aifi.com/api/aifi/entry-codes/verify

Simulate Check-In (Retailer-owned Device)

# test-manual-check-in.sh
SESSION_ID=${1:-session123}
TOKEN=<your-token>
BODY=$(cat <<EOM
{
  "customer": {
    "sessionId": "$SESSION_ID",
    "trackId": "12345",
    "transactionId": 1,
    "role": "customer"
  }
}
EOM
)
curl -X POST \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer $TOKEN" \
  -H 'X-AIFI-LocationId: 1' \
  -H 'X-AIFI-Store: publicsandbox-us' \
  -d "$BODY" \
  https://oasis-api.public.sandbox.oasis.aifi.com/api/aifi/customers/entered

Send Checkout Request

# test-checkout.sh
TRANSACTION=${1:-1}
QUANTITY=${2:-1}
SESSION_ID=${3:-1}
PRODUCT_ID=${4:-1}
TOKEN=<your-token>
BODY=$(cat <<EOM
{
  "sessionId": "$SESSION_ID",
  "transactionId": $TRANSACTION,
  "status": "completed",
  "products": [{
    "RIN": "$PRODUCT_ID",
    "quantity": $QUANTITY
  }]
}
EOM
)
curl -X POST \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer $TOKEN" \
  -H 'X-AIFI-LocationId: 1' \
  -H 'X-AIFI-Store: publicsandbox-us' \
  -d "$BODY" \
  https://oasis-api.public.sandbox.oasis.aifi.com/api/aifi/checkouts

Scenario 3: Simulate Loyalty Scan

Attach a Loyalty Card Token to a Customer

# test-loyalty-card.sh
CUS_ID=${1:-7}
RANDOM_SUFFIX=${2:-random123}
TOKEN=<your-token>
BODY=$(cat <<EOM
{
  "card": {
    "provider": "NONE",
    "cardToken": "dummy-token-$RANDOM_SUFFIX",
    "defaultCard": true,
    "cardLast4Digits": "1234",
    "cardExpiryDate": "12/68"
  }
}
EOM
)
curl -X PATCH \
  -H "Content-type: application/json" \
  -H "Authorization: Bearer $TOKEN" \
  -d "$BODY" \
  https://oasis-api.public.sandbox.oasis.aifi.com/api/admin/v2/customers/$CUS_ID

Use scripts locally

Download

You can download aifi-docs-tests.zip to get started.

You can run all the scripts locally if you use a simple token replacement. For convenience, AiFi provides a downloadable bundle: aifi-docs-tests.zip. To prepare it:

unzip aifi-docs-tests.zip;
cd aifi-docs-tests;
find . -name "*.sh" -type f -exec sed -i '' \
  -e 's/{API_URL}/your-actual-api-url.com/g' \
  -e 's/{TOKEN}/your-actual-token-here/g' \
  -e 's/{STORE_NAME}/YourStoreName/g' \
  {} \;

Or run each script manually as shown in the previous sections to better understand the API flow.

Overview​

Environment Access​

Known Limitations​

Authentication​

Testing Scenarios​

Scenario 1: Product Sync​

Scenario 2: Simulate Check-In and Checkout Flow​

Scenario 3: Simulate Loyalty Scan​

Use scripts locally​